[Pkg-privacy-commits] [obfsproxy] 135/353: Make obfs2-with-shared-secret easier to integration-test.
Ximin Luo
infinity0 at moszumanska.debian.org
Sat Aug 22 13:01:51 UTC 2015
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch master
in repository obfsproxy.
commit bb73ef2b77fac0dcda9bd199de807a27b1204e43
Author: George Kadianakis <desnacked at riseup.net>
Date: Wed Mar 27 17:53:10 2013 -0700
Make obfs2-with-shared-secret easier to integration-test.
Some machines were failing the obfs2-with-shared-secret integration
tests because the tests were timing out before the iterative hash
could finish. I added a hidden obfs2 CLI switch that allows the
integration tests to tweak the number of hash iterations.
---
obfsproxy/test/int_tests/test_pits.py | 2 ++
obfsproxy/test/tester.py | 2 ++
obfsproxy/transports/obfs2.py | 57 +++++++++++++++++++++--------------
3 files changed, 39 insertions(+), 22 deletions(-)
diff --git a/obfsproxy/test/int_tests/test_pits.py b/obfsproxy/test/int_tests/test_pits.py
index 29f87aa..09ee6ab 100644
--- a/obfsproxy/test/int_tests/test_pits.py
+++ b/obfsproxy/test/int_tests/test_pits.py
@@ -30,11 +30,13 @@ class PITSTest(twisted.trial.unittest.TestCase):
'client',
'127.0.0.1:%d' % pits.CLIENT_OBFSPORT,
'--shared-secret=test',
+ "--ss-hash-iterations=50",
'--dest=127.0.0.1:%d' % pits.SERVER_OBFSPORT),
('%s' % transport_name,
'server',
'127.0.0.1:%d' % pits.SERVER_OBFSPORT,
'--shared-secret=test',
+ "--ss-hash-iterations=50",
'--dest=127.0.0.1:%d' % self.treader.pits.get_pits_inbound_address().port))
# XXX This is pretty ridiculous. Find a smarter way to make up for the
diff --git a/obfsproxy/test/tester.py b/obfsproxy/test/tester.py
index 9e8716b..4c6871e 100644
--- a/obfsproxy/test/tester.py
+++ b/obfsproxy/test/tester.py
@@ -245,10 +245,12 @@ class DirectObfs2_ss(DirectTest, unittest.TestCase):
server_args = ("obfs2", "server",
"127.0.0.1:%d" % SERVER_PORT,
"--shared-secret=test",
+ "--ss-hash-iterations=50",
"--dest=127.0.0.1:%d" % EXIT_PORT)
client_args = ("obfs2", "client",
"127.0.0.1:%d" % ENTRY_PORT,
"--shared-secret=test",
+ "--ss-hash-iterations=50",
"--dest=127.0.0.1:%d" % SERVER_PORT)
class DirectB64(DirectTest, unittest.TestCase):
diff --git a/obfsproxy/transports/obfs2.py b/obfsproxy/transports/obfs2.py
index 9c4ed61..e34948b 100644
--- a/obfsproxy/transports/obfs2.py
+++ b/obfsproxy/transports/obfs2.py
@@ -7,6 +7,7 @@ The obfs2 module implements the obfs2 protocol.
import random
import hashlib
+import argparse
import obfsproxy.common.aes as aes
import obfsproxy.common.serialize as srlz
@@ -45,22 +46,6 @@ def hn(x, n):
data = h(data)
return data
-def mac(s, x, secret):
- """
- obfs2 regular MAC: MAC(s, x) = H(s | x | s)
-
- Optionally, if the client and server share a secret value SECRET,
- they can replace the MAC function with:
- MAC(s,x) = H^n(s | x | H(SECRET) | s)
-
- where n = HASH_ITERATIONS.
- """
- if secret:
- secret_hash = h(secret)
- return hn(s + x + secret_hash + s, HASH_ITERATIONS)
- else:
- return h(s + x + s)
-
class Obfs2Transport(base.BaseTransport):
"""
Obfs2Transport implements the obfs2 protocol.
@@ -73,6 +58,10 @@ class Obfs2Transport(base.BaseTransport):
# by external-mode code. If not, instantiate it now.
if not hasattr(self, 'shared_secret'):
self.shared_secret = None
+ # If external-mode code did not specify the number of hash
+ # iterations, just use the default.
+ if not hasattr(self, 'ss_hash_iterations'):
+ self.ss_hash_iterations = HASH_ITERATIONS
if self.shared_secret:
log.debug("Starting obfs2 with shared secret: %s" % self.shared_secret)
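Review bot: The unchanged `log.debug` call at the end of this hunk writes the shared secret itself into the debug log, so anyone who can read that log recovers the value that keys the obfs2 MAC. Since this commit already touches the shared-secret setup, it would be worth logging only that a secret is in use, e.g. `log.debug("Starting obfs2 with a shared secret.")`. The enclosing method starts and continues outside the hunk.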
@@ -111,12 +100,19 @@ class Obfs2Transport(base.BaseTransport):
@classmethod
def register_external_mode_cli(cls, subparser):
subparser.add_argument('--shared-secret', type=str, help='Shared secret')
+
+ # This is a hidden CLI argument for use by the integration
+ # tests: so that they don't do an insane amount of hash
+ # iterations.
+ subparser.add_argument('--ss-hash-iterations', type=int, help=argparse.SUPPRESS)
super(Obfs2Transport, cls).register_external_mode_cli(subparser)
@classmethod
def validate_external_mode_cli(cls, args):
if args.shared_secret:
cls.shared_secret = args.shared_secret
+ if args.ss_hash_iterations:
+ cls.ss_hash_iterations = args.ss_hash_iterations
super(Obfs2Transport, cls).validate_external_mode_cli(args)
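Review bot: The new `--ss-hash-iterations` value is accepted in `validate_external_mode_cli` without a lower bound, and the hidden switch ships in the normal CLI rather than only in the test harness. `if args.ss_hash_iterations:` silently ignores `0`, while a negative value is stored on the class and later passed to `hn()`. The loop in `hn` is outside this diff, but if it is a plain counted loop, a negative count would skip hashing entirely and weaken the shared-secret key derivation. I would test `if args.ss_hash_iterations is not None:`, reject values below 1 the way this method reports other invalid arguments, and log a warning whenever the count differs from `HASH_ITERATIONS`. The comment above `add_argument` should also say that both ends must use the same count, since the derived keys presumably will not match otherwise.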
@@ -246,20 +242,37 @@ class Obfs2Transport(base.BaseTransport):
"""
Derive and return an obfs2 key using the pad string in 'pad_string'.
"""
- secret = mac(pad_string,
- self.initiator_seed + self.responder_seed,
- self.shared_secret)
+ secret = self.mac(pad_string,
+ self.initiator_seed + self.responder_seed,
+ self.shared_secret)
return aes.AES_CTR_128(secret[:KEYLEN], secret[KEYLEN:])
def _derive_padding_crypto(self, seed, pad_string): # XXX consider secret_seed
"""
Derive and return an obfs2 padding key using the pad string in 'pad_string'.
"""
- secret = mac(pad_string,
- seed,
- self.shared_secret)
+ secret = self.mac(pad_string,
+ seed,
+ self.shared_secret)
return aes.AES_CTR_128(secret[:KEYLEN], secret[KEYLEN:])
+ def mac(self, s, x, secret):
+ """
+ obfs2 regular MAC: MAC(s, x) = H(s | x | s)
+
+ Optionally, if the client and server share a secret value SECRET,
+ they can replace the MAC function with:
+ MAC(s,x) = H^n(s | x | H(SECRET) | s)
+
+ where n = HASH_ITERATIONS.
+ """
+ if secret:
+ secret_hash = h(secret)
+ return hn(s + x + secret_hash + s, self.ss_hash_iterations)
+ else:
+ return h(s + x + s)
+
+
class Obfs2Client(Obfs2Transport):
"""
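Review bot: The docstring of the new `mac` method still says `where n = HASH_ITERATIONS`, but the body now iterates `self.ss_hash_iterations` times, so the documentation no longer matches the code. I would change that line to `where n = self.ss_hash_iterations (HASH_ITERATIONS unless overridden).` and add one sentence saying the override exists for the integration tests. It is also worth noting there that a lower n makes each guess at the shared secret cheaper.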
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/obfsproxy.git